Cybersecurity and human rights

Cybersecurity and human rights- A cyberattack has the power to paralyze cellular communications; alter or erase information in computerized systems; prevent access to computer servers; and directly harm a country’s economy and security by attacking its electricity networks or banking system.

The necessity is clear for any country, but especially Israel with its unique security considerations, to maintain a cyber defense system. The creation of the unified Israel National Cyber Directorate (INCD), which includes the Israel Cyber Event Readiness Team (CERT-IL), side by side with other security agencies such as the Israeli NSA and Mossad within the Prime Minister’s Office, addresses this need. This is an important institution, and it therefore must have clearly defined legislative powers, goals and organizational structures.

What is interesting, though, is that although Israel is Startup Nation when it comes to innovation and development, it is sorely behind in legislation that deals with the growing dilemmas regarding the intersection between technology, human rights and democratic values. Most technological innovations in security and tracking systems used in social networks are developed out of the public eye. The unified INCD was established before legislation to regulate its activities was put in place.

To this end, the recent publishing of the first draft of a cyber law for Israel, designed to provide a legal framework for the activities of Israel’s cyber defense system, is welcomed. However, the content of the draft shows that the State is seeking to assume far wider powers than are needed to protect the public from cyberattacks. Part of the reason for this is that it is difficult at present to assess what cyberattacks could look like in the future, but another part is what seems to be a somewhat hidden policy of the government to use technology in order to increase their control over citizens’ activities.

According to the draft, the INCD, a division within the Prime Minister’s Office, will be able to routinely collect data from internet and cellular providers, government ministries, local authorities and government corporations in order to identify and thwart cyberattacks in real time. Yet the definition of “security relevant data” remains ambiguous, and is certainly much broader than the definitions laid out in IOC (Cyber Threat Indicator) in the American Cybersecurity Information Sharing Act (CISA) passed in 2015.

The question is whether there is truly a need for all of this information — a record of all online activities and personal details we’ve shared with governmental agencies — to be collected in this way, and whether this is information that could potentially be used to create behavioral profiles that could be used against citizens. What, in effect, is the difference between gathering this data and wide-scale, unrestricted wiretapping? For the State to have access to such far-reaching information constitutes a real threat to citizens’ privacy and human rights on a larger scale.